On Tue, Aug 05, 2025 at 08:54:02AM -0500, Andrea Bolognani wrote:
> On Thu, Jul 31, 2025 at 07:33:21PM +0100, Daniel P. Berrangé via Devel wrote:
> > +++ b/src/qemu/qemu_firmware.c
> > @@ -1540,6 +1540,7 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
> > bool requiresSMM = false;
> > bool supportsSecureBoot = false;
> > bool hasEnrolledKeys = false;
> > + bool cvm = false;
>
> Maybe isConfidential instead, to follow the existing convention and
> be a little more descriptive?
>
> > @@ -1566,7 +1569,8 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
> > }
> > }
> >
> > - if ((supportsSecureBoot != requiresSMM) ||
> > + if ((!cvm &&
> > + (supportsSecureBoot != requiresSMM)) ||
> > (hasEnrolledKeys && !supportsSecureBoot)) {
> > VIR_WARN("Firmware description '%s' has invalid set of features: "
> > "%s = %d, %s = %d, %s = %d",
>
> This could use a short comment explaining why firmware intended for
> CVM doesn't need SSM for Secure Boot.
>
> Regardless of whether you want to act on any of the above
> suggestions, the change makes sense so
I made both those changes and pushed.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
